Aside from the overwhelmingly insightful advice everyone gave previous to this comment, Ethics, legality, ROE and "Do you have permission" bs replies aside. Let me start by stating your vague question draws no mercy from everyone fievershly fighting for the chance to up their post/reply count.

In theory the target is a web server that you are attacking with a firewall placed between the cloud and it. Your objective should first be to obtain as much information as possible about what is running on port 80. You will want to perform banner grabs, fingerprinting the Web Server and seeing what else it supports. These day's apache is the majority, and it's pretty solid. However, if your lucky enough to find extension/plugins there may be hope yet. After you figure out the server you want to start looking at the actual webpage/web application. If it's a webpage what is the content? Ideally though you hope for a web application of some sorts that you can then determine the logic and start attacking it from there. From your question I can only guess you are knew at penetration testing and web assessments. Ergo, I recommend you read the following libro's:

You can also look into the Hacking Exposed Version 1 and 2 for web applications. Although I stray away from them they are decent introductory material and usually outline an excellent flow chart in which you can base your methodology.

phn1x wrote:Aside from the overwhelmingly insightful advice everyone gave previous to this comment, Ethics, legality, ROE and "Do you have permission" bs replies aside. Let me start by stating your vague question draws no mercy from everyone fievershly fighting for the chance to up their post/reply count.

Yes, and in addition to that we're able to pick up on sarcasm too. Shocker!

I had this typed up once but my session timed out (damn SMF) so I'll keep it short and simple this time.

The bottom line is:

if you want a real answer, ask a real question.

There is a difference between "asking a question" and "asking a question properly." For the former, most communities will flame you to death and shun you from ever returning.

If you're going to pose a question to a community focused on being professional, there are much better ways to make an introduction or post your question that will yield far greater results: Link 1Link 2Link 3

Quite simply, I find comments like "how do I hack through port 80" and "it's real for a company," in a word, stupid. Despite your disregard for ethics as stated in your post, that's what this community is focused on. You'll get a much better response for posting a question that makes you look more serious about what you're doing. Otherwise, it just begs the return question of "what the hell are you doing?"

Don't mess with someone's website/network if that's not what you should be doing. No one here is going to encourage that. I believe it was asked plenty enough for the poster to elaborate on his question. At this point however, I'm not sure who would be willing to respond.